Encrypting servers

ajdratch
ajdratch used Ask the Experts™
on
I’m trying to figure out when to use bitlocker on a server. It makes sense for a laptop or desktop. If they are stolen and the thief can’t login because it is password protected, they could still put the drive in another computer and access the data.

If I have a server in a locked room and there is no concern that it would be stolen, what are the benefits of encryption?

Even if someone did steal the server, it is RAID 5 so it would be a lot more difficult to add the drives to another server to access the data.  It would be easier to run a program to hack the password.

If it is configured to use a pin to start the server, it could not be rebooted remotely. If it shut down for any reason, someone would need to go onsite to start it up. That could create problems especially during storms.

The most likely way someone is going to steal the data from my clients is by tricking a user to install malware. If malware is installed on a workstation, it would be able to access the server whether it is encrypted or not.

Just looking for the pros and cons if encrypting a server
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Adam BrownSenior Systems Admin
Top Expert 2010
Commented:
I wouldn't rely on RAID configuration as a security measure, to be honest. It's actually quite easy to get data off a RAID drive than you might think. If they steal the server, they can just boot from a USB or similar drive and read the data directly from the drive. Whole Disk Encryption of the drives on the server will prevent that from succeeding.

Realistically, how you approach encryption first depends on company policies. If company policy says data must be encrypted "at rest," then you need to encrypt it. If you are under regulatory compliance measures that demand encryption at rest, you need to encrypt it. After that, you should consider cost vs. benefit. Encryption of drives on a server will reduce drive read/write performance, because the system has to decrypt/encrypt data in addition to reading or writing it normally. If you have applications that have significant drive performance needs, you'll need to weigh the performance costs of encryption against the benefits of doing so. This is the core of risk assessment. Ask yourself whether the risk of losing a server is significant enough that adding additional layers of protection is justifiable.

There isn't really a clear-cut answer to this question. If physical security is good enough that no unauthorized individual would ever be able to get physical access to the server in a reasonable amount of time and with a good bit of effort, you're probably fine leaving the drive unencrypted. Otherwise, I'd encrypt the drives to be safe.

Author

Commented:
Good point about booting off a USB drive to access the RAID.
Doxware, a form of ransomware, steals the unencrypted data from a device and uses it to extort money from the end user.  If the documents (dox) are encrypted to begin with, they generally won't bother.  So in the end it is better to have sensitive information encrypted.

See this article on Doxware:

https://www.experts-exchange.com/articles/28039/Doxware-ransomware-gets-nastier.html
Build an E-Commerce Site with Angular 5

Learn how to build an E-Commerce site with Angular 5, a JavaScript framework used by developers to build web, desktop, and mobile applications.

Distinguished Expert 2018
Commented:
Hi.

"If I have a server in a locked room and there is no concern that it would be stolen, what are the benefits of encryption?" - no benefits at all. Only when untrusted people are able to enter the server room, you will have a problem. If it is properly locked and no untrusted people may enter, don't encrypt it.

"Even if someone did steal the server, it is RAID 5 so it would be a lot more difficult to add the drives to another server to access the data" - no, it would still be very easy. But still, if the room is properly secured, don't worry.
As I said, if it is connected to the net at all you may want to encrypt sensitive files.
Distinguished Expert 2018

Commented:
The suggestions are contradictory. Thomas you need to explain why encrypting files would do any good when the only thing it will protect against is unauthorized physical access.
If I am understanding the OP correctly, the answer is to encrypt files which contain personally Identifiable information (PII) if the files are encrypted then if an unscrupulous person gets their hands on the files using Doxware (see this comment and the article there), they will only have encrypted files and cannot use them to extort money from the end user.  This has become a more and more likely scenario.  Although encryption does not help with ransomware infections, it completely thwarts doxware attempts.

Please read the article for a complete explanation.

IMHO, the only completely safe computer/server is one not connected to the internet, sealed in a room and filled with concrete. (if you haven't heard something like that, you are welcome to use it)
Distinguished Expert 2018

Commented:
I know what doxware is, but it does not apply. The server files need to be accessible by users at some point, so when they unlock the encryption  that you would ask him to apply, that's when the doxware/malware whatever component can read it, too. Encryption of data at rest is only effective against physical theft - nothing else.
Point taken.  Although it was my impression that a user need not access a file for malware to latch onto it and use it in a doxware type attack.  It could be data just sitting on the server, unencrypted, that would be accessible to a user if they wanted to access it.  Did I misunderstand that?
Distinguished Expert 2018

Commented:
"a user need not access a file for malware to latch onto it and use it in a doxware type attack" - malware is a process as any other process and acts as the underlying user, the user who started it and thus, can only read the files the user can read.
I see where you are going on this...  I meant a user would not necessarily be accessing the files, but indeed their creds need to be able to access the files, so their creds would have the ability to decrypt the files as well.  I hadn't thought about it that way.  In that case I would change the statement I made earlier to agree with McKnife, unless the situation is different than it has been outlined.
Adam BrownSenior Systems Admin
Top Expert 2010

Commented:
Whole Disk Encryption isn't designed to provide protection against malware. Anti-malware/Anti-Virus applications do that. WDE is just meant to protect data against *unauthorized* access. Anyone who has permission to open files on a server with WDE enabled will have access to those files as long as they access it with the correct methods, through the Operating system. This means that an unauthorized user can still access the data if they compromise an authorized user's account, and malware can infect data. However, if the drives are encrypted, access to the files *outside* correct methods (IE, using a different OS from a different Boot device) will be more difficult, if not impossible.

Individual file encryption, on the other hand, can help block doxware attacks, since the only way to access those files is to have a separate password than one used by your account. malware attacks generally can't take this type of protection into account, so they will fail to read the data. Ransomware, however, is able to re-encrypt files that are already encrypted, so don't think of this technique as full protection for files.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial